README.md

HashLock - Secure passwords for Firefox

About

HashLock is an add-on for the Mozilla Firefox web browser, allowing you to use a different password on each website.

Important note : This is alpha software, and is not yet available on the official add-ons store. Use at your own risks.

Security

Having a different password on each website is a strong security recommendation. This way, if a website is hacked, and your password is stolen, it can't be used on every website you've got an account on.

This add-on helps by generating a unique password for you, on each website you visit. The password is generated from 3 components :

The website main name (for example, if you're visiting http://www.mozilla.com/en/, the part mozilla will be used)

A private key (only visible in the options page, you never have to type it)

A common password you have to type (it can be a trivial word like banana without security risk)

The private key is added as an extra layer of security. The only downside of it is you have to keep it in a safe place, and you get to have it if you're not on your usual computer.

Installation

Once reaching a beta stage, the add-on will be made available from the official add-ons store.

If you are a developer, you can clone the repository, and use these commands to test the add-on:

npm install
npm run build
npm run browser

Usage

On the first install, the add-on will generate a unique private key. This key is accessible from the add-on's options page. This key is very important and you should keep a copy of it in a safe place. Don't change this key once it has been used to generate a password, or the password will change too.

Now, when you have a password field on a website, all you need to do is type inside a simple keyword of your choice, followed by the dash sign # (for example, type foobar#). You can use the same keyword on each site (it is even recommended). Once you click outside the password field, a secure password, unique to this website, will replace the typed one. The field should get surrounded by a yellow frame, so that you know it worked.

The only thing you have to remember is the keyword you typed before the dash sign, and always use it.